Cyber Incident Victim: Stadt Leuna
Date:
Jul 2025
Location:
Germany
Summary
Stadt Leuna's website was rendered inaccessible by a distributed denial‑of‑service attack that flooded its servers with traffic, an incident traced to the infrastructure of its service provider brain‑SCC Merseburg GmbH, which also hosts sites for several other local governments. The overload persisted for several hours until dynamic filtering mechanisms identified and blocked the malicious IP addresses, restoring access by late afternoon. The provider confirmed that no data was compromised during the event.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 29, 2025, the official website of the city of Leuna, www.leuna.de, became inaccessible starting in the morning and remained unavailable until late afternoon. The following day, users continued to experience difficulties when attempting to load the municipal pages, reporting slow loading times and occasional timeouts. The disruption was identified as a distributed denial‑of‑service (DDoS) attack, in which a flood of traffic overwhelmed the targeted systems and prevented legitimate access. The city administration issued a statement on August 4, 2025, confirming the nature of the incident, explaining that the overload was caused by malicious traffic, and apologizing for the restricted availability of its online services.
The attack was directed at the central infrastructure components of the system association operated by brain‑SCC Merseburg GmbH, the IT service provider contracted by the city of Leuna to host its web presence and manage related data. All data belonging to Leuna are stored on the servers maintained by brain‑SCC in Merseburg, which also host the online services of several other municipalities that rely on the same provider. Because brain‑SCC provides services to multiple local administrations, those administrations were affected simultaneously, experiencing comparable accessibility problems. During the attack, the targeted systems experienced a sustained increase in load that persisted for several hours, impairing the performance of the websites and associated online functions such as form submissions and information retrieval.
In the course of the afternoon, the service provider implemented targeted technical measures to curb the traffic flood, notably employing dynamic filter mechanisms that identified and blocked suspicious IP addresses. These actions succeeded in reducing the malicious load and restoring normal accessibility to the city’s website by late afternoon, after which the loading difficulties reported on the following day gradually subsided. Throughout the incident, brain‑SCC’s team stated that there was no risk to the security or integrity of the stored data, emphasizing that the attack affected only availability and not confidentiality. The city’s communication concluded with a request for understanding regarding the temporary service limitations and thanked users for their patience.